diff --git a/Makefile b/Makefile
index 1b7d0e0281265ab0b7df5c579600860f4a722a6a..6c6d41a4d953fd3519d6b12c9fc09ad36656c8ad 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ install:
 	chmod 755 /usr/local/bin/ssl-ca
 
 clean:
-	rm -rf openssl.cnf certs keys CA.key CA.crt
+	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12
 
 test: clean
 	./ssl-ca init
diff --git a/ssl-ca b/ssl-ca
index d3fced5c74b7ac4b94b758a254106efb02a8a0a4..d4952dff4357b3b7053700f445d7a30ecc51854c 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -59,20 +59,35 @@ init () {
     else
         echo "$config" > "openssl.cnf"
     fi
-    openssl req \
-        -x509 \
-        -config openssl.cnf \
-        -new \
-        -newkey rsa:2048 \
-        -keyout CA.key \
-        -extensions v3_ca \
-        -out CA.crt
-    openssl pkcs12 \
-        -export \
-        -in CA.crt \
-        -inkey CA.key \
-        -out CA.p12 \
-        -passout pass:
+    if [ -e CA.key ]
+    then
+        echo CA.key already exists, skipping.
+    else
+        openssl genrsa -out CA.key 2048
+    fi
+    if [ -e CA.crt ]
+    then
+        echo CA.crt already exists, skipping.
+    else
+        openssl req \
+            -x509 \
+            -config openssl.cnf \
+            -new \
+            -key CA.key \
+            -extensions v3_ca \
+            -out CA.crt
+    fi
+    if [ -e CA.p12 ]
+    then
+        echo PKCS12 file already exists, skipping.
+    else
+        openssl pkcs12 \
+            -export \
+            -in CA.crt \
+            -inkey CA.key \
+            -out CA.p12 \
+            -passout pass:
+    fi
 }
 
 sign_key () {